Thursday, 7 November 2013

Super Valu breach customers' data protection rights

Irish Times

Supervalu has been forced to contact thousands
of customers who have bought its “getaway breaks” after a security breach at
the company that oversees the scheme left sensitive financial data potentially
compromised.

The “getaway breaks” vouchers are a key loyalty
reward programme run by the US-owned company Loyaltybuild,
which is based in Co Clare. It is reviewing the security of the personal and
payment card information held on its booking system.

“This review is necessary as Loyaltybuild has
advised its client base in Ireland
that its system may have been compromised by a third party,” said Supervalu in
a statement.

‘Precautionary measure’
He said that there was no information to suggest that any sensitive customer
data had been obtained “as yet”, and said that “as a precautionary measure” it
was urging customers who had booked a getaway break recently to review their
accounts and report any unusual activity or unsolicited communication connected
with the deal to their bank.

Supervalu apologised to its customers for any
unnecessary concern that details of the breach may have caused and said the
“Getaway Breaks” booking system will remain temporarily suspended until the
Loyaltybuild system has been given the all clear.

Encrypted
The company managing the rewards programme has informed the Data Protection
Commissioner of the potential breach, which was uncovered on October 25th, and
it stressed that all payment card information it holds is encrypted.

“We immediately engaged the services of a firm
of leading, international, online security experts,” a spokeswoman said. “They
are conducting a forensic investigation to help us identify whether any of our
stored data was compromised, and, if so, to what extent.”

She said that as of 5pm yesterday, the forensics
team reported there had been no signs of personal or financial details data
being extracted or compromised but added that the examination is ongoing.

She said that the company was “working around
the clock with our security experts to get to the bottom of this and to further
enhance our security”.